More on the two "villians" too. It has a nice description, not overly technical (though inevitable at times) for understanding. Crux of it is remediation is really for CPU vendors to issue firmware updates to protect against these attacks. The OS and affected vendor will "support" with their release to reduce the attack surface or make it harder to exploit.
Unfortunately, there are no software patches or operating system mitigations that can fully mitigate the impacts of the Spectre attacks and the flaws being abused. Only saving grace is browser vendors have begun updating their browsers to disable certain features which make the Spectre attack feasible via JavaScript. If really paranoid, back to basic to disable active scripting like Javascript.
https://research.kudelskisecurity.com/2018/01/04/meltdown-spectre-attacks-on-cpu-flaws/
Unfortunately, there are no software patches or operating system mitigations that can fully mitigate the impacts of the Spectre attacks and the flaws being abused. Only saving grace is browser vendors have begun updating their browsers to disable certain features which make the Spectre attack feasible via JavaScript. If really paranoid, back to basic to disable active scripting like Javascript.
https://research.kudelskisecurity.com/2018/01/04/meltdown-spectre-attacks-on-cpu-flaws/
4 Comments
Active 1 day ago
Comment
Arstechnica had the best accurate reporting on these faults.
See
https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-heres-what-intel-apple-microsoft-others-are-doing-about-it/
https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-every-modern-processor-has-unfixable-security-flaws/
https://arstechnica.com/gadgets/2018/01/whats-behind-the-intel-design-flaw-forcing-numerous-patches/
and also https://spectreattack.com/
But your link is interesting. Intel is doing a microcode update for some processors, and that's the first link I've seen that clearly states that.
See
https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-heres-what-intel-apple-microsoft-others-are-doing-about-it/
https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-every-modern-processor-has-unfixable-security-flaws/
https://arstechnica.com/gadgets/2018/01/whats-behind-the-intel-design-flaw-forcing-numerous-patches/
and also https://spectreattack.com/
But your link is interesting. Intel is doing a microcode update for some processors, and that's the first link I've seen that clearly states that.
Active today
Actually Intel is releasing the patches and also captured in their public statement.
https://arstechnica.com/gadgets/2018/01/intel-faces-class-action-lawsuits-regarding-meltdown-and-spectre/
Regardless here is another side by side comparison for these two villains in case anyone needs it as quick bite.
https://danielmiessler.com/blog/simple-explanation-difference-meltdown-spectre/
https://arstechnica.com/gadgets/2018/01/intel-faces-class-action-lawsuits-regarding-meltdown-and-spectre/
Regardless here is another side by side comparison for these two villains in case anyone needs it as quick bite.
https://danielmiessler.com/blog/simple-explanation-difference-meltdown-spectre/
Active 1 day ago
Comment
I think the microcode patches will come through the system vendor, Dell, HP etc etc. Intel will probably supply them with the patches to distribute.
As for the lawsuits that will be interesting. Unless it can be proven that there is a significant slowdown those lawsuits will go nowhere. And at this stage there is no real evidence of that. The most likely candidates will be those who run VM instances in the cloud and we'll need to wait for those to occur.
It will be a pity if the lawsuits don't succeed because I'd love a new Core 2 Quad processor replacement ...
As for the lawsuits that will be interesting. Unless it can be proven that there is a significant slowdown those lawsuits will go nowhere. And at this stage there is no real evidence of that. The most likely candidates will be those who run VM instances in the cloud and we'll need to wait for those to occur.
It will be a pity if the lawsuits don't succeed because I'd love a new Core 2 Quad processor replacement ...
Recommended Posts
Exchange Server Roadmap Update.
MS have moved the release date for the next version of Exchange Server to the second half of 2025.
It requires Server and CAL licenses and will be accessible only to customers with Software Assurance,
https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-server-roadmap-update/ba-p/3421389
MS have moved the release date for the next version of Exchange Server to the second half of 2025.
It requires Server and CAL licenses and will be accessible only to customers with Software Assurance,
https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-server-roadmap-update/ba-p/3421389
